Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! ΞΞ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

Looking for a bit more than customer support, and want to learn more about what cryptostorm is , what we've been announcing lately, and how the cryptostorm network makes the magic? This is a great place to start, so make yourself at home!

Here are the currently-installed SSL certificates (public exponent) for our two main production websites, cryptostorm.org & cryptostorm.is. We will also add certificate materials for secondary domains such as torstorm.org, as well as keep this post updated with current materials as we upgrade or otherwise adjust our CA credentials server-side.

Note that neither of these two identity-verifying server certificates are part of connections to cryptostorm's network; rather, they simply exist to confirm that the websites folks are visiting using TLS/SSL (https protocol) are actually the websites we run, and not a Man-In-The-Middle replacement undertaken by an attacker.

Since there is very little sensitive information passed back and forth to these two websites - certainly nothing relating to secure connections to the cryptostorm network which is entirely decoupled from these websites and even the physical servers on which they are hosted - this is somewhat overkill. Indeed, these certificates are not part of the actual encipherment of https packets that takes place when visits to these two websites are undertaken; that process happens within the context of ephemerally-generated cryptographic keying algorithms, and is not dependent on PKI credentials to function (except insofar as such credentials, of course, confirm the identity of the server-side entity initiating the cryptographically-secured communications channel).

Even so, it is good security practice, and helps us to become comfortable with the concepts of cryptographic identity validation, MiTM attack vectors, spoofed credentials, hash fingerprint collision attacks, and so forth. (these cert materials are used to validate some of our TLS-secured email communications, as well)

for cryptostorm.is(which we are in process of replacing; more news when that process has completed)SHA1 fingerprint (which we prefer not to use given cipher weakness - more info): 34733139F5970913F0DEB376E17070A446AA782CMD5 fingerprint (even worse): B90CC8CC7122E89ABBBE7CDFB53A3FC7serial number: c4:21:3a:92:fc:d7:46:2f:e7:f6:69:a3:cb:56:2c:49serial number (base-10): 260701220995494372255927105941767859273OSCP authority verification: ocsp.comodoca.comcertificate revocation authority: issuing CA (Comodo)certificate signature algorithm: SHA256 / RSA 2048 keylengthdomain control validation: keybase.io